Event View Question and how to fix the problem

G

Guest

I recently checked my event viewer, and have alot of errors when signing off
that are "Application of service was still using the registry during log off.
The memory used by the user's registry has not been freed. The registry
will be unloaded when it is no longer in use" wasn't sure what it meant, and
if there is anything to do about it. I think this is what may be causing my
not to quick shut down. I click on the explanation and it says "Windows
unloads user's profile and user's section of the registry when the user logs
off. This message indicates that Windows could not unload the user's profile
because a program was referencing the user's section of the registry. This
locked the profile. The registry cannot unload profiles that are locked and
in use. When the program that is locking the profile is no longer
referencing the registry, the profile will be unlocked."

it then said " User Action" No user action is required" is this true?

Also, when I went to get on your newsgroup, this Winfixer, was trying to
download on my computer, not sure is this needed, couldn't get it to stop
downloading for a time". Thanks and appreciate your help.
 
B

Brian A.

http://www.spywareguide.com/product_show.php?id=2263

http://securityresponse.symantec.com/avcenter/venc/data/winfixer.html

**It is very important to run the update for each program before running
the app/s to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running
tasks except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab
click Delete Files, put a check in Delete all Offline..., click OK and
close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other
parasites/spyware that may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the
latest up-to-date ref file, then run Ad-Aware and delete everything it
finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at it's default settings until you learn an know more about it.
Spybot S&D is more of an advanced users tool and changing from the default
settings can be dangerous to the novice user. Items found in the default
settings that are RED can usually be safely removed. If you are unsure of a
found item, do not remove it and ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to it's own folder, this is where the log files will be saved.
Run HJT in Normal Mode.
Do not remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed hap-hazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to
HOSTS File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they
even get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
G

Guest

Thanks Brian, about the Winfixer things, I did run my Spybot 2 times but it
would not get rid of Winfixer, so I restored my computer to the day before,
and ran Spybot 2 more times and the Winfix didn't show up this time. SO does
that mean I got rid of it? :) Thanks
 
G

Guest

Thanks Brian, I did go back and read your article on symantics; although I
don't have Norton, ( ihave AVG/Spybot), I am going to do the msconfig, and
check the registry files :) and will also do the UPH, to clean up UserProfile
Hive.
 
B

Brian A.

It doesn't matter if you have Norton or not to use the info in the
article. Good luck with your checking and hope all comes out well.

On another note, you should have more than AVG and SB S&D. You should
also have a software firewall besides XP's which IMO is inadequate.
My standard blurb on Spyware/Adware:
**It is very important to run the update for each program before running
the app/s to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running
tasks except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab
click Delete Files, put a check in Delete all Offline..., click OK and
close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other
parasites/spyware that may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the
latest up-to-date ref file, then run Ad-Aware and delete everything it
finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at it's default settings until you learn an know more about it.
Spybot S&D is more of an advanced users tool and changing from the default
settings can be dangerous to the novice user. Items found in the default
settings that are RED can usually be safely removed. If you are unsure of a
found item, do not remove it and ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to it's own folder, this is where the log files will be saved.
Run HJT in Normal Mode.
Do not remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed hap-hazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to
HOSTS File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they
even get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
G

Guest

thanks again Brian,, as a matter of fact I had downloaded Adware Personal the
other day, until I restored my system back to the day before. I think I may
have been doing scans wrong then, I have always done the AVG, Spybot in
normal mode, guess I had been afraid of safe mode, afraid I wouldn't get back
to regular mode. I had another question, my AVG is down in my task (or
system) tray at sign on, so does that mean it is starting up upon boot up.
Does AVG need to be in my system tray that is down by the clock? Thanks again
 
B

Brian A.

That's fine if you run them in Normal Mode, in Safe Mode other apps as
well as the baddies aren't running and they can't attempt to hide or block
the detection apps from running. You can if you wish run them in Safe Mode
when you suspect a compromise to the machine, I personally run them in SM 1
out of 5 times to be sure the machines here are clean and nothing is
hiding.

The one app that should be run in Normal Mode is HijackThis so it can
pick out any baddies running.

As for AVG: Yes and Yes.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
G

Guest

Hi Brian, me again, one more time :), I did download the Adware Personal
(SE), and did a scan, it found a critical toolbar thing called (softomate),
I quartantined and removed it, does that fix problem there, I accidently
deleted my list that showed what was in that specific scan. But it still
showed the total number. Wasn't sure how to get that back. But I did
Spybot, and it didn't find any registry keys for the Winfixer :) yeah, just
2 cookies, but one called Vultamundo something, (4 files) and it said it
fixed that, (through Spybot). So does it sound like I am ok now? :)
THanks
 
B

Brian A.

Download HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy/extract HJT to it's own folder, this is where the log files will be
saved.

Boot to Safe Mode and run in this order:
CWShredder
Ad-Aware
SB S&D

Reboot to your normal desktop.
Run HJT.
DO NOT remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed hap-hazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to
HOSTS File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they
even get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

event viewer 3
error ID 1517 source Userenv 3
Warning event occurring frequently 3
UPHClean results Question. 6
Event ID: 1517 Error VS Warning 4
Error Id 1517 1
Slow XP Shutdown 5
Warning: "try configuring the services to run in either the LocalService or NetworkService account" 3

Top